Skip to main content
CVE-2014-0160 HIGH POC KEV PATCH THREAT Act Now

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Information Disclosure OpenSSL
NVD Exploit-DB GitHub VulDB
CVSS 3.1
7.5
EPSS
94.5%
Threat
7.3
CVE-2012-2095 MEDIUM POC This Month

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Information Disclosure Wicd Fedora
NVD Exploit-DB VulDB
CVSS 2.0
6.9
EPSS
0.6%
CVE-2012-1834 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Cms Tree Page View
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6641 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Prestashop
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy